From: Ravi Geda <gravik@amdocs.com>
Date: Wed, 2 May 2018 14:26:46 +0000 (+0100)
Subject: Address critical security issues
X-Git-Tag: 2.0.0-ONAP~6
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aai%2Fgizmo.git;a=commitdiff_plain;h=f7bfc43799cd6adbf8997c532993949b6cd75ce4

Address critical security issues

Address security vulnerabilities identified by Nexus IQ

Change-Id: I0a795bb0c0e8a53438b83e8aadce72a316163cc4
Issue-ID: AAI-1116
Signed-off-by: Ravi Geda <gravik@amdocs.com>
---

diff --git a/pom.xml b/pom.xml
index 636f422..cdee8e9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,6 +77,12 @@ limitations under the License.
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
+            <exclusions>
+            	<exclusion>
+            		<groupId>ch.qos.logback</groupId>
+            		<artifactId>logback-classic</artifactId>
+            	</exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -91,6 +97,22 @@ limitations under the License.
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>3.2.4</version>
         </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>1.2.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency> 
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
@@ -104,7 +126,7 @@ limitations under the License.
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-mapper-asl</artifactId>
-            <version>1.9.13</version>
+            <version>1.4.5</version>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
@@ -267,7 +289,7 @@ limitations under the License.
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5</version>
+            <version>4.5.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>